SANS NewsBites is a semiweekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible.

Spend five minutes per week to keep up with the high-level perspective of all the latest security news. New issues are delivered free every Tuesday and Friday.

SANS 2011 in Orlando is now taking registrations. 39 courses. Bonus evening presentations and special events include Hiding in Plain Sight: Forensic Techniques to Counter the Advanced Persistent Threat; and Law and the Public's Perception of Data Security http://www.sans.org/sans-2011/

Plus Atlanta, Bangalore, Singapore and Barcelona all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/index.php

****************************************************************************

SCADA Spending Projections Up (December 27, 2010)

Statistics from research firm Frost & Sullivan indicate that the Supervisory Control and Data Acquisition (SCADA) market is expected to grow from $4.6 billion last year to nearly US $7 billion in 2016. The advent of Stuxnet has brought the issue of SCADA security to headlines around the world. The Frost & Sullivan report indicates that companies expect to include security in their SCADA spending.
-http://www.informationweek.com/blog/main/archives/2010/12/scada_security.html

[Editor's Note (Paller): The people shaping the future of SCADA security are getting together in Orlando at the end of February. Most of the major electric utilities and the key suppliers will be there along with water, gas & oil, and other major users. Government speakers will unveil new pathways and improved resources. If you play a role in securing the critical infrastructure, this is the one meeting to attend early in 2011.
-http://www.sans.org/north-american-scada-2011/]

********************** Sponsored Link: *****************************

1) Wondering how to protect SCADA and other control systems? The North American SCADA conference can help you create a game plan to prevent future attacks. ( http://www.sans.org/info/68424 ), Lake Buena Vista, Florida, February 23 - March 2, 2011

***********************************************************************

ChronoPay.com Suffers Redirect Attack (December 29, 2010)

A hijacking attack on ChronoPay.com, Russia's largest online payment processor, redirected visitors to a phony site that attempted to steal their financial information. ChronoPay chief executive Pavel Vrublevsky said the phony site was up for several hours between December 25 and 26, and that approximately 800 credit card numbers were harvested. The attackers also posted a message to the ChronoPay home page claiming that all personal data used on the site in 2009 and 2010 had been stolen. The message appeared to be from Vrublevsky, who said that the claims were untrue and that the only data compromised were the credit card numbers stolen last week.
-http://krebsonsecurity.com/2010/12/russian-e-payment-giant-chronopay-hacked/

Eugene Schultz, Ph.D., CISM, CISSP is CTO of Emagined Security and the author/co-author of books on Unix security, Internet security, Windows NT/2000 security, incident response, and intrusion detection and prevention. He was also the co-founder and original project manager of the Department of Energy's Computer Incident Advisory Capability (CIAC).

John Pescatore is Vice President at Gartner Inc.; he has worked in computer and network security since 1978.

Stephen Northcutt founded the GIAC certification and currently serves as President of the SANS Technology Institute, a post graduate level IT Security College, www.sans.edu.

Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute.

Ed Skoudis is co-founder of Inguardians, a security research and consulting firm, and author and lead instructor of the SANS Hacker Exploits and Incident Handling course.

Rob Lee is the curriculum lead instructor for the SANS Institute's computer forensic courses (computer-forensics.sans.org) and a Director at the incident response company Mandiant.

Rohit Dhamankar is a security professional currently involved in independent security research.

Tom Liston is a Senior Security Consultant and Malware Analyst for Inguardians, a handler for the SANS Institute's Internet Storm Center, and co-author of the book Counter Hack Reloaded.

Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat, and he is a founder with Secure Anchor Consulting.

Ron Dick directed the National Infrastructure Protection Center (NIPC) at the FBI and is the incoming President of the InfraGard National Members Alliance - with 22,000 members.

Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He is leading SANS' global initiative to improve application security.

David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute.

Marcus J. Ranum built the first firewall for the White House and is widely recognized as a security products designer and industry innovator.

Clint Kreitner is the founding President and CEO of The Center for Internet Security.

Brian Honan is an independent security consultant based in Dublin, Ireland.

David Turley is SANS infrastructure manager and serves as production manager and final editor on SANS NewsBites.

Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription (and for free posters) or to update a current subscription, visit http://portal.sans.org/